Question ID: 3467 - DORA276
Regulation Reference: (EU) 2022/2554 - Digital Operational Resilience Act (DORA)
Topic: Digital operational resilience testing (DORA)
Article: 25(1)
Status: Rejected
Date of submission: 24 Nov 2025
Question
DORA regulation, Article 25, paragraph 1 has this text:
The digital operational resilience testing programme referred to in Article 24 shall provide, in accordance with the criteria set out in Article 4(2), for the execution of appropriate tests, such as vulnerability assessments and scans, open source analyses, network security assessments, gap analyses, physical security reviews, questionnaires and scanning software solutions, source code reviews where feasible, scenario-based tests, compatibility testing, performance testing, end-to-end testing and penetration testing.
What is the definition of 'end to end' testing in this context ? What tools do you recommend for running this end to end test?
Background of the question
We are trying to ascertain what does good look like as there are varying interpretations of end to end test.
EIOPA answer
This question has been rejected because it relates to a definition, which is outside of the scope of the Q&A process and relates to institution-specific questions requiring bespoke advice.